Subnet Calculator
Break a CIDR into network, broadcast, mask, wildcard, and usable host range.
Monitor this automatically
NetTests can run this check on a schedule, preserve historical results, compare changes over time, and alert you the moment something breaks.
Start monitoring free → See all monitoring productsFrequently Asked Questions
What is CIDR notation?
CIDR (Classless Inter-Domain Routing) represents an IP network as an address followed by a prefix length: 192.168.1.0/24. The prefix length specifies how many bits are the network portion — /24 means 24 bits fixed, giving 256 addresses (28). This replaced the older Class A/B/C system for more flexible address allocation.
What is the difference between network and broadcast addresses?
The network address is the first address in a subnet (all host bits 0) and identifies the subnet itself — it cannot be assigned to a host. The broadcast address is the last address (all host bits 1) and sends a packet to all hosts in the subnet. Usable hosts are everything in between.
How do I calculate the number of usable hosts?
Usable hosts = 2(32 − prefix) − 2. The −2 removes the network and broadcast addresses. For a /24: 28 − 2 = 254 hosts. For a /30 (point-to-point links): 22 − 2 = 2 hosts.
What is subnetting used for?
Subnetting divides a large IP block into smaller networks for: security isolation (hosts in different subnets can't communicate without a router), reduced broadcast traffic, efficient IP address utilisation, and hierarchical network design. VLANs are the Layer-2 complement — they work together with subnets at Layer 3.
Network Tools
-
HTTP Request
Send HTTP requests with custom method, headers, body, and authentication — inspect the full response.
-
HTTP Request Timing
Load a URL in headless Chromium and stream every fetched resource with size and timing.
-
Uptime Check
The simplest possible check: fetch the page, confirm it returns 2xx.
-
CORS Tester
Test any URL for CORS (Cross-Origin Resource Sharing) with a custom method, headers, and body — see exactly why a browser would allow or block the request.
-
Dead Link Checker
Crawl a website and find broken internal links — renders JS pages with a headless browser.
-
IP Blacklist Check
Check an IPv4 address against 49 major DNS blacklists (Spamhaus, SORBS, Barracuda, SpamCop, etc.).
-
Network Path Monitor
Continuous traceroute with per-hop loss and RTT statistics.
-
Traceroute
Trace the path packets take to a destination host, hop by hop.
-
Ping Scanner
Ping many hosts in parallel and report which are alive.
-
Ping Host
Send ICMP echo requests and report RTT and packet loss.
-
IP Geolocation
Resolve a domain or IP to its city, country, ASN/org, and coordinates — with a map.
-
IPv4 ↔ IPv6
Convert IPv4 to/from IPv4-mapped IPv6 (::ffff:a.b.c.d).
-
MAC OUI Lookup
Look up a MAC address's first 3 octets in the IEEE OUI vendor database (curated subset).
Email / SMTP Diagnostics
-
Email Health
One-click domain scorecard — Blacklist, Mail Server, Web Server, and DNS checks graded Errors / Warnings / Passed, MXToolbox-style.
-
Email Records Check
Consolidated MX, SPF, DMARC, and DKIM-selector lookup for an email domain.
-
SPF Record Checker
Look up and validate a domain's SPF (Sender Policy Framework) TXT record.
-
Email Blacklist Check
Resolve a domain's MX hosts to IPs and check each against 49 IP blacklists plus the domain itself against 9 domain blacklists.
-
SMTP Banner Probe
Connect to an SMTP server, capture its banner + EHLO capabilities, and test STARTTLS.
Packet Generation & Testing
-
TCP/UDP Connection Tester
Check TCP port reachability; optionally send a payload and read the reply.
-
TLS Handshake Inspector
Inspect a server's TLS handshake: version, cipher, ALPN, full cert chain.
-
HTTP Availability Check
Probe a list of hostnames (max 16) for HTTP and HTTPS availability.
-
HTTP Latency
Send N HTTP HEAD requests to a URL and report min/median/mean/max/stddev latency. From this server's vantage.
-
Path MTU Probe
Discover the path MTU to a host by sending increasingly large DF-bit pings (binary search).
IP & Subnet Utilities
Routing & BGP
TLS / SSL Auditing
-
TLS Quick Scan
Probe which TLS protocol versions a server accepts and show the cipher each negotiates.
-
TLS Deep Scan
Full chain validation, OCSP stapling, SCT count, and per-TLS-version cipher matrix.
-
SSL Certificate Expiration
Days remaining before a server's TLS certificate (and its full chain) expires.
-
Domain Certificate Audit
Search Certificate Transparency logs for every SSL certificate ever issued to a domain — reveals subdomains, issuers, and historical issuance.
NTP / Time Sync
HTTP/2 & WebSocket
-
HTTP/2 Probe
Negotiate HTTP/2 via ALPN and decode the server's SETTINGS frame (window size, max streams, etc.).
-
WebSocket Probe
Send a WebSocket Upgrade handshake and verify the Sec-WebSocket-Accept response, subprotocols, and extensions.
-
HTTP/2 Stress Testerlogin
Benchmark HTTP/2 server performance — measure requests per second, latency distribution, and concurrent stream throughput under sustained load.
Encoding & Conversion
-
Hex ↔ Text
Convert UTF-8 text to a hex string, or parse a hex string back to text (separators :/.- ignored).
-
Binary ↔ Text
Convert UTF-8 text to 8-bit binary, or parse a binary string back to text.
-
Case Converter
Convert text between common casings: UPPER, lower, Title, snake_case, kebab-case, camelCase.
-
Number Base
Convert a number between decimal, binary, octal, and hexadecimal representations.
-
Unix Timestamp
Convert between Unix epoch seconds and ISO/RFC datetime formats (UTC).
-
IPv4 ↔ Decimal
Convert between dotted IPv4 notation, 32-bit decimal, hex, and dotted binary.
-
JWT Decoder
Decode a JWT into its header and payload (no signature verification — that needs the signing key).